My board doesn't get any real callers, but I get a constant barrage of people trying to break in. It's funny, really. This one guy keeps trying to use paswords like "root" or "admin" (the old standbys). I finally left him (or her) a message on one of the login screens, telling them to give it up because there is nothing here except for a little server with a bulletin board on it, and they persist. I realize that most of these attempts are from bots, but I have had a few humans too. This is all very entertaining, in a way, but it's also annoying. So, what do YOU guys do about people trying to hack into your BBS? Just ignore them and let them have their fun? Or are there ways to stop them? I'm open to suggestions. Thanks.

... Don't diet, download a virus to remove the FAT.

--- Mystic BBS v1.12 A47 2021/12/25 (Windows/64)
* Origin: The Unmarked Van (21:1/130)

Alonzo wrote (2023-01-07):

So, what do YOU guys do
about people trying to hack into your BBS? Just ignore them and let them have their fun? Or are there ways to stop them? I'm open to suggestions. Thanks.

change the port from 23 to some other port number.

⁂

---
* Origin: War is Peace. Freedom is Slavery. Ignorance is Strength. (21:3/102)

Re: hackers
By: Alonzo to All on Sat Jan 07 2023 10:51 am

entertaining, in a way, but it's also annoying. So, what do YOU guys do about people trying to hack into your BBS? Just ignore them and let them have their fun? Or are there ways to stop them? I'm open to suggestions.

TBH, nothing on the BBS side. Just let the bots try and fail at doing their thing.

I do a bit more on the home firewall side of things, however. There are various deny-lists and other tools that can prevent 'Known Bad' IPs from getting as far as your BBS, and also heuristically block repeated attempts.

Defense in depth also means taking regular full backups, so in the event of a successful hack, I can restore to something Known Good.

HTH!
--- SBBSecho 3.20-Linux
* Origin: Extricate BBS - bbs.extricate.org (21:1/189)

change the port from 23 to some other port number.

Good idea. I will give that a try.

... That's not a bug, it's an undocumented feature

--- Mystic BBS v1.12 A47 2021/12/25 (Windows/64)
* Origin: The Unmarked Van (21:1/130)

TBH, nothing on the BBS side. Just let the bots try and fail at doing their thing.
I do a bit more on the home firewall side of things, however. There are various deny-lists and other tools that can prevent 'Known Bad' IPs from getting as far as your BBS, and also heuristically block repeated attempts.

Ok, thanks a lot for the tips.

... Fer sell cheep: BBS spel chekker. Wurks grate.

--- Mystic BBS v1.12 A47 2021/12/25 (Windows/64)
* Origin: The Unmarked Van (21:1/130)

On 07 Jan 2023, Alonzo said the following...

So, what do YOU guys do about people trying to hack into your BBS? Just Al> ignore them and let them have their fun? Or are there ways to stop them? Al> I'm open to suggestions. Thanks.

--- Mystic BBS v1.12 A47 2021/12/25 (Windows/64)

I use this powershell script to block out whole countries and regions which really calms down (but doesn't eliminate) the noise:

https://bbs.lc/oHfO7

I also block out Digital Ocean & Linode's IP ranges:

https://digitalocean.com/geo/google.csv
https://geoip.linode.com/

You'll need to make sure any mail hubs you connect to aren't hosted at any of these providers of course.

You can also add the usual bad usernames (root, admin, etc) to mystic\data\badusers.txt which will stop them a bit sooner.


Jay

... The older you get, the better you get, unless you're a banana

--- Mystic BBS v1.12 A48 (Linux/64)
* Origin: Northern Realms | bbs.nrbbs.net | 289-424-5180 (21:3/110)

On 07 Jan 2023, Alonzo said the following...

My board doesn't get any real callers, but I get a constant barrage of people trying to break in. It's funny, really. This one guy keeps trying to use paswords like "root" or "admin" (the old standbys). I finally
left him (or her) a message on one of the login screens, telling them to give it up because there is nothing here except for a little server with
a bulletin board on it, and they persist. I realize that most of these attempts are from bots, but I have had a few humans too. This is all
very entertaining, in a way, but it's also annoying. So, what do YOU
guys do about people trying to hack into your BBS? Just ignore them and let them have their fun? Or are there ways to stop them? I'm open to suggestions. Thanks.

I have my Router blocking countries now, I have about 7 or 8 of them, the usual suspects, North Korea, Russia, China, and a few other Communist states.. It works well for me.. My Mystic which is on port 23 blocks the rest with the built in blocker. The other boards I run well those fight without protection, other then when I see the IP addresses of the bots I will block them manually.. It's a pain sometimes but it does work..


|11 Bucko |14- |06Wrong Number Family Of BBS' |07- |03www.wrgnbr.com

... Old musicians never die. They just decompose!

--- Mystic BBS v1.12 A48 (Linux/64)
* Origin: The Wrong Number Family Of BBS' - Wrong Number ][ (21:4/131)

I use this powershell script to block out whole countries and regions which really calms down (but doesn't eliminate) the noise: https://bbs.lc/oHfO7
I also block out Digital Ocean & Linode's IP ranges:

Thanks for the tips! I will give that a try.

... Operator, give me the number for 911

--- Mystic BBS v1.12 A47 2021/12/25 (Windows/64)
* Origin: The Unmarked Van (21:1/130)

I have my Router blocking countries now, I have about 7 or 8 of them,
the usual suspects, North Korea, Russia, China, and a few other
Communist states.. It works well for me.. My Mystic which is on port 23

I haven't thought of actually blocking countries at the router. I've been letting Mystic take care of that. But if it gets worse, I'll try that. Thanks.

... Origin of Life? Just check my refrigerator...

--- Mystic BBS v1.12 A47 2021/12/25 (Windows/64)
* Origin: The Unmarked Van (21:1/130)

On 08 Jan 2023, Alonzo said the following...

I haven't thought of actually blocking countries at the router. I've been letting Mystic take care of that. But if it gets worse, I'll try that. Thanks.

Main reason I do that is because I run a couple of other BBS Softwares that don't block like Mystic and Synchronet.

AL


|11 Bucko |14- |06Wrong Number Family Of BBS' |07- |03www.wrgnbr.com

... Shortcut: longest distance between two points

--- Mystic BBS v1.12 A48 (Linux/64)
* Origin: The Wrong Number Family Of BBS' - Wrong Number ][ (21:4/131)

Alonzo wrote to All <=-

My board doesn't get any real callers, but I get a constant barrage of people trying to break in. It's funny, really. This one guy keeps
trying to use paswords like "root" or "admin" (the old standbys). I finally left him (or her) a message on one of the login screens,
telling them to give it up because there is nothing here except for a little server with a bulletin board on it, and they persist. I realize

The root/admin/etc one is likely a bot. I have not noticed them as much lately, but I used to get a bunch of them. I am pretty sure they are
scanning for IoT devices (TVs, game consoles, etc.) and maybe routers where people set them up but never change the passwords. If they find one, they
can get into the device to install their payload.

IIRC, I have seen a few that scan for the raspberry pi default user, too.



... Spelling is a sober man's game
--- MultiMail/DOS
* Origin: possumso.fsxnet.nz * SSH:2122/telnet:24/ftelnet:80 (21:4/134)

Re: hackers
By: Alonzo to All on Sat Jan 07 2023 10:51 am

My board doesn't get any real callers, but I get a constant barrage of people trying to break in. It's funny, really. This one guy keeps trying to use paswords like "root" or "admin" (the old standbys). I finally left

You should make those accounts! root and admin and when they do manage a log-in, have the accounts suspended so that they are immediatly disconnected, hahaha!

May or may not be feasable, but funny!

Taphophile
--- SBBSecho 3.11-Win32
* Origin: -=[conchaos.synchro.net | ConstructiveChaos BBS]=- (21:4/141)

Re: hackers
By: Mewcenary to Alonzo on Sat Jan 07 2023 05:57 pm

Back in the day, I had a friend who hosted CHRIS-CO BBS (his name is Chris) and he wrote a script for his VBBS6.14/VAdvanced 2.10 board that new users had to input the phone number they were calling from, and the board would disconnect them and then call that number and somehow (i don't remember the details) verify that it was a legit caller. I think you could have your dialer software open and answer an incoming call? I really don't remember I wasn't even driving back then I was a kiddo. I thought that was real neat though! He had a number of scripts written, and even wrote his own net "CHRIS-NET" that all the local boards were apart of. I don't know what ever happened to that dood. His handle was "Computer Whiz".

Taphophile
--- SBBSecho 3.11-Win32
* Origin: -=[conchaos.synchro.net | ConstructiveChaos BBS]=- (21:4/141)

Back in the day, I had a friend who hosted CHRIS-CO BBS (his name is Chris he wrote a script for his VBBS6.14/VAdvanced 2.10 board that new users had input the phone number they were calling from, and the board would disconn them and then call that number and somehow (i don't remember the details)

Thats actually pretty damn cool ^^

... Anything is possible if you don't know what you're talking about

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: TheForze - bbs.theforze.eu:23 (21:3/126)

On 08 Jan 2023, Taphophile said the following...

Re: hackers
By: Mewcenary to Alonzo on Sat Jan 07 2023 05:57 pm

Back in the day, I had a friend who hosted CHRIS-CO BBS (his name is Chris) and he wrote a script for his VBBS6.14/VAdvanced 2.10 board that new users had to input the phone number they were calling from, and the board would disconnect them and then call that number and somehow (i
don't remember the details) verify that it was a legit caller. I think
you could have your dialer software open and answer an incoming call? I really don't remember I wasn't even driving back then I was a kiddo. I thought that was real neat though! He had a number of scripts written,
and even wrote his own net "CHRIS-NET" that all the local boards were apart of. I don't know what ever happened to that dood. His handle was "Computer Whiz".

Taphophile

The phone modems of that period were used to communicate in 2 directions. Obviously, you could get incoming to your BBS. But you used them when calling to another BBS. This "feature" of verifying a user was actually quite common. Look here "http://www.pcmicro.com/support/modem_at_commands.html" for the specifics of using "Hayes" compatible Modem AT commands.

... There are two types of people; those who finish what they start and

--- Mystic BBS v1.12 A48 (Windows/64)
* Origin: Altair IV BBS (21:2/147)

Re: Re: hackers
By: ogg to Taphophile on Sun Jan 08 2023 02:17 pm

The phone modems of that period were used to communicate in 2 directions. Obviously, you could get incoming to your BBS. But you used them when calling to another BBS. This "feature" of verifying a user was actually quite common. Look here

Also a theme within the (great) film WarGames!

Mewcenary.
--- SBBSecho 3.20-Linux
* Origin: Extricate BBS - bbs.extricate.org (21:1/189)

TBH, nothing on the BBS side. Just let the bots try and fail at doing their thing.

I block countries and also let Mystic figure out its own allow/denylist - it works pretty well. Additionally I have a "press escape twice" thing as a frontend doing some sort of human detection. These things combined tend to work rather well for me.

I do a bit more on the home firewall side of things, however. There are various deny-lists and other tools that can prevent 'Known Bad' IPs from getting as far as your BBS, and also heuristically block repeated attempts.

My home firewall is closed, I host all my services which are open to the internet on cloud infrastructure. I have a healthy paranoia of letting people into my home firewall :) Even though a VLAN would probably work just fine, I still nevertheless prefer cloud hosting.

Defense in depth also means taking regular full backups, so in the event of a successful hack, I can restore to something Known Good.

Yep, same. I take daily backups for a week, weeklies for a month, monthlies for a year, and yearlies.

--- Mystic BBS v1.12 A48 (Linux/64)
* Origin: m O N T E R E Y b B S . c O M (21:4/173)

Back in the day, I had a friend who hosted CHRIS-CO BBS (his name is Chris) and he wrote a script for his VBBS6.14/VAdvanced 2.10 board that new users had to input the phone number they were calling from, and the board would disconnect them and then call that number and somehow (i
don't remember the details) verify that it was a legit caller. I think
you could have your dialer software open and answer an incoming call? I really don't remember I wasn't even driving back then I was a kiddo. I thought that was real neat though! He had a number of scripts written,
and even wrote his own net "CHRIS-NET" that all the local boards were apart of. I don't know what ever happened to that dood. His handle was "Computer Whiz".

Ah yes, these were called "Call Back Verifiers" (or CBV for short).

--- Mystic BBS v1.12 A48 (Linux/64)
* Origin: m O N T E R E Y b B S . c O M (21:4/173)

I have been making daily backups. That's the best I can do for now. I screw things up enough by myself, so I don't really need any outside help. Haha

... As a matter of fact, it IS a banana in my pocket!

--- Mystic BBS v1.12 A47 2021/12/25 (Windows/64)
* Origin: The Unmarked Van (21:1/130)

Chris) and he wrote a script for his VBBS6.14/VAdvanced 2.10 board th new users had to input the phone number they were calling from, and t board would disconnect them and then call that number and somehow (i don't remember the details) verify that it was a legit caller. I thin

Yeah I did the same thing with a board I had back in the 90s. I eventually quit using it because most people ignored it. With Telnet though, it's complicated. What would you verify? You can't verify an IP because people just use VPNs, so IP addresses are meaningless. And if people are just trying to brak your BBS, they never register anyway, so there's no personal info.

... We all live in a yellow subroutine...

--- Mystic BBS v1.12 A47 2021/12/25 (Windows/64)
* Origin: The Unmarked Van (21:1/130)

On 1/7/23 06:48, Alonzo wrote:

My board doesn't get any real callers, but I get a constant barrage of people trying to break in.

Most likely automated scripts... Not sure how difficult it would be...
but you could simply drop any terminal connections that don't detect at
least ANSi support. Since the automated scripts most likely don't.

This may of course limit a handful of real users with older terminal appliances.

IIRC, Synchronet's login.js does this by default now.
--
Michael J. Ryan - tracker1@roughneckbbs.com
--- SBBSecho 3.15-Linux
* Origin: Roughneck BBS - roughneckbbs.com (21:3/149)

On 1/10/23 08:34, Alonzo wrote:

Yeah I did the same thing with a board I had back in the 90s. I
eventually quit using it because most people ignored it. With
Telnet though, it's complicated. What would you verify? You can't
verify an IP because people just use VPNs, so IP addresses are
meaningless. And if people are just trying to brak your BBS,
they never register anyway, so there's no personal info.

I've thought about pre-verifying email addresses in order to login. I
changed my telnet login to use "email" first, so new users it's the
first thing, but haven't coded up the preverify logic yet.

Also considering adding SMS verification as an alternative to email verification.
--
Michael J. Ryan - tracker1@roughneckbbs.com
--- SBBSecho 3.15-Linux
* Origin: Roughneck BBS - roughneckbbs.com (21:3/149)

On 08 Jan 2023, Alonzo said the following...

I have my Router blocking countries now, I have about 7 or 8 of them, the usual suspects, North Korea, Russia, China, and a few other Communist states.. It works well for me.. My Mystic which is on port

I haven't thought of actually blocking countries at the router. I've been letting Mystic take care of that. But if it gets worse, I'll try that. Thanks.

I didn't think of that either. I was just blocking at the bbs level.

|11·|03-|09─|01─╖ |15K|07í|08dd |01╓──|09·-|03· |11·
|01╙ |15W|07íck|08ed |01╙

... What hair color do they put on the driver's licenses of bald men?

--- Mystic BBS v1.12 A48 (Windows/32)
* Origin: Sinner's Haven 2.0 (21:1/169)

Yeah, I am thinking about limiting access to ANSI-only. I am getting so sick of these bots and clueless people. It's really taking the fun out of it.

... Operator, give me the number for 911

--- Mystic BBS v1.12 A47 2021/12/25 (Windows/64)
* Origin: The Unmarked Van (21:1/130)

Yeah, I am thinking about limiting access to ANSI-only. I am getting so sick of these bots and clueless people. It's really taking the fun out
of it.

Yeah, an ANSI restriction may limit SOME bots. However, even many regular linux terms wil return they can render ANSI to that check.

|13MaNDaRaX
|09Location: |05Victoria's Secret

--- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
* Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (21:1/158)

Tracker1 wrote (2023-01-11):

On 1/10/23 08:34, Alonzo wrote:

Yeah I did the same thing with a board I had back in the 90s. I
eventually quit using it because most people ignored it. With
Telnet though, it's complicated. What would you verify? You can't
verify an IP because people just use VPNs, so IP addresses are
meaningless. And if people are just trying to brak your BBS,
they never register anyway, so there's no personal info.

I've thought about pre-verifying email addresses in order to login. I changed my telnet login to use "email" first, so new users it's the
first thing, but haven't coded up the preverify logic yet.

Also considering adding SMS verification as an alternative to email verification.

A great way to discourage users to sign up. As a user, how do I know that your BBS is not a honeypot for collecting email addresses and phone numbers? I also have to assume that my personal data is in no way protected on you system and might be listed for everyone to see in the BBS. Especially if there is no privacy policy to read before email / SMS verification..

I don't understand why you need a login at all right after the connection is established. Why not have an open BBS were users are free to surf the boards? And if they want to write messages or read restricted areas they have to register/login first. Like with any web forum. This model works. Requiring registration before you can see anything just creates a bunch of dead user accounts. It's not the 80s/90s anymore.

Best way to discourage bots is running on another port than 22 / 23. There could also be a very simple captcha / are you a human? puzzle at the start, if the bots are still there.

I would enjoy the few remaining years of stupid bots without worrying too much about login unsuccessful attempts showing up in the log files. Soon the bots will be indistinguishable from humans. And they will create their own thriving BBS scene.

⁂

---
* Origin: War is Peace. Freedom is Slavery. Ignorance is Strength. (21:3/102)

Tracker1 wrote (2023-01-11):

A great way to discourage users to sign up. As a user, how do I know
that your BBS is not a honeypot for collecting email addresses and phone

you have to be very stupid to use a bbs as a honeypot in 2023.

|11·|03-|09─|01─╖ |15K|07í|08dd |01╓──|09·-|03· |11·
|01╙ |15W|07íck|08ed |01╙

... They say there's always one weirdo on the bus, but I couldn't find them!

--- Mystic BBS v1.12 A48 (Windows/32)
* Origin: Sinner's Haven 2.0 (21:1/169)

On 14 Jan 2023, MaNDaRaX said the following...

Yeah, I am thinking about limiting access to ANSI-only. I am getting sick of these bots and clueless people. It's really taking the fun ou of it.

Yeah, an ANSI restriction may limit SOME bots. However, even many regular linux terms wil return they can render ANSI to that check.

MaNDaRaX

After I installed that press Esc 2x thing I haven't had any issues. I also use PFSense to block certain countries and also do temp blocks of certain suspicious activity. It has a list that is automatically maintained of people that cause issues and how it can block them.

It will never be perfect but it helps a ton. Plus I get whole home ad blocking :D

|23|04Dr|16|12Claw
|16|14Sysop |12Noverdu |14BBS |04(|14Noverdu.com|04)
|10Standard Ports for SSH/Telnet Web/HTTP://|14Noverdu.com:808
|20|15fsxNet/MRC Chat/Registered Doors!/50Nodes/No Time Use! Stay On!|16|07

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: Noverdu BBS (21:1/210)

After I installed that press Esc 2x thing I haven't had any issues. I

I agree.. When I programmed a random button (hit twice) to get in 'firewall' it stopped most of the unwanted connections to the BBS.. Or I should say, stopped the tied up Nodes anyway.

|13MaNDaRaX
|09Location: |05Victoria's Secret

--- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
* Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (21:1/158)

I don't understand why you need a login at all right after the connection is established. Why not have an open BBS were users are free to surf the boards And if they want to write messages or read restricted areas they have to

Did you ever run a BBS? You cannot connect without a user account.

You could make a stupid guest account, but those are useless.

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

Exodus wrote (2023-01-14):

I don't understand why you need a login at all right after the
connection is established. Why not have an open BBS were users are
free to surf the boards And if they want to write messages or read
restricted areas they have to

Did you ever run a BBS?

Sure, back in the 90s.

You cannot connect without a user account.

Why not? Maybe most BBS programs try to emulate the old-school BBS, but there is no reason to do it differently.

You could make a stupid guest account, but those are useless.

Most BBS are useless anyway. How many people world-wide do really use a BBS regularly as a user (excluding the Sysop itself)? I bet less than there are Sysops. A BBS is mostly a toy for the Sysop.

But what I wanted to express: why should I hand out my email address and phone number, before I can see anything of the BBS? Are you willing to do SMS verification for every website you visit? A stupid guest account is not at all useless.



⁂

---
* Origin: War is Peace. Freedom is Slavery. Ignorance is Strength. (21:3/102)

On 15 Jan 2023, Oli said the following...

But what I wanted to express: why should I hand out my email address and phone number, before I can see anything of the BBS? Are you willing to
do SMS verification for every website you visit? A stupid guest account
is not at all useless.

Welllll. A) you use the email addy for a password reset B) users need accounts because EVERYTHING on the bbs centers around an account. Oneliners, message bases, doors ext. C) if you didn't have user accounts it would basically be a website. D) Yes bbs's are mainly a bunch of sysops messing around, BUT.. I just saw a kid with a polaroid instant camera the other day, so..... Everything comes around...

|11·|03-|09─|01─╖ |15K|07í|08dd |01╓──|09·-|03· |11·
|01╙ |15W|07íck|08ed |01╙

--- Mystic BBS v1.12 A48 (Windows/32)
* Origin: Sinner's Haven 2.0 (21:1/169)

You could make a stupid guest account, but those are useless.

I've used guest accounts on any board that will let me to see if it's worth signing up. Usually if I'm just out hunting for a file or something it works great.

--- Mystic BBS v1.12 A48 (Linux/64)
* Origin: m O N T E R E Y b B S . c O M (21:4/173)

I've used guest accounts on any board that will let me to see if it's worth signing up. Usually if I'm just out hunting for a file or
something it works great.

Hi there,

whu guest accounts ? Use a website and tell about your BBS. What users can find there and its worth to sign up. Many people reading about BBSes but not everyone uses it. They only know websites, forums, facebook and so on...

Its like every other hobby. Like Amateur Radio, Photography, Games....

I think a guest account isnt worth to configure.
Users need a good password to get her accounts safe.
Mystic BBS has good blacklist function for blocking, i also use the event extension to drop it in iptables, so people cant reach the system login.

Have a nice day :)
Goose

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: Goosenet BBS (21:1/177)

Yeah, I am thinking about limiting access to ANSI-only. I am getting so sick of these bots and clueless people. It's really taking the fun out
of it.

ANSI only won't help, entering A = A for a user in either ASCII or ANSI mode.
I wonder if those clueless people are people. Looks more like BOTS to me. Change to a port higher than ..... 2000 - check the TCP and UDP port numbers list on wpedia for reserved ports.

GTx!
sPI!

--- Mystic BBS v1.12 A48 (Linux/64)
* Origin: -.sNd!gRDn.- a box full of Snd&Demo Related filez! (21:1/116)

On 16 Jan 2023, Goose said the following...

whu guest accounts ? Use a website and tell about your BBS. What users

Just go to ftelnet.ca and make a link and put it on your website or email it to people.. like this

https://embed-v2.ftelnet.ca/connect/?BareLFtoCRLF=false&BitsPerSecond=57600&Con nectionType=telnet&Emulation=ansi-bbs&Enter=\r&Font=CP437&ForceWss=false&Hostna me=sinnershaven.com&LocalEcho=false&NegotiateLocalEcho=true&Port=23&ProxyHostna me=p-us-east.ftelnet.ca&ProxyPort=80&ProxyPortSecure=443&ScreenColumns=80&Scree nRows=25&SendLocation=true

|11·|03-|09─|01─╖ |15K|07í|08dd |01╓──|09·-|03· |11·
|01╙ |15W|07íck|08ed |01╙

--- Mystic BBS v1.12 A48 (Windows/32)
* Origin: bbs.SinnersHaven.com (21:1/169)

Kidd wrote (2023-01-15):

On 15 Jan 2023, Oli said the following...

But what I wanted to express: why should I hand out my email
address and phone number, before I can see anything of the BBS? Are
you willing to do SMS verification for every website you visit? A
stupid guest account is not at all useless.

Welllll. A) you use the email addy for a password reset

How does that work? Is there a password reset option at login?

The BBS didn't tell me for what the email is needed and used. Maybe it's displayed for everyone to see? How do I know. I only know that many sysops give a shit about privacy (laws).

B) users need accounts because EVERYTHING on the bbs centers around an account.
Oneliners, message bases, doors ext.

And how do I know what is available in the BBS before I register?

C) if you didn't have user accounts it would basically be a website.

There are websites with and without user accounts. Web is just another interface. And that is exactly my point. Make BBSs as open and easily accessible as a website.


⁂

---
* Origin: War is Peace. Freedom is Slavery. Ignorance is Strength. (21:3/102)

Kidd wrote (2023-01-16):

On 16 Jan 2023, Goose said the following...

whu guest accounts ? Use a website and tell about your BBS. What
users

Just go to ftelnet.ca and make a link and put it on your website or email it to people.. like this

So we need the web and man-in-the-middle websites to use a BBS?
.... and emails
.... and SMS verification
.... and 128 GB of RAM for Windows 15 and Google Chrome 451 to run Gmail properly



⁂

---
* Origin: War is Peace. Freedom is Slavery. Ignorance is Strength. (21:3/102)

On 17 Jan 2023, Oli said the following...

Welllll. A) you use the email addy for a password reset

How does that work? Is there a password reset option at login?

On mystic there is an option for that if you input the wrong password.

The BBS didn't tell me for what the email is needed and used. Maybe it's displayed for everyone to see? How do I know. I only know that many
sysops give a shit about privacy (laws).

That is true about not telling you what it is needed for but, when bbs's started sysops had your phone numbers which would pinpoint you right down to your house. All I need is a real name and I usually can find out your address and cell number and everything about a person, FREE on the Wicked Wide Web

B) users need accounts because EVERYTHING on the bbs centers around a account.
Oneliners, message bases, doors ext.

And how do I know what is available in the BBS before I register?

How do you know whats in the bday present before you open it? Its a SURPRISE! But chance are you seen a bbs advertisement for the site and its usually on there what they offer.If not, you risk it to get the biscuit!

C) if you didn't have user accounts it would basically be a website.

There are websites with and without user accounts. Web is just another interface. And that is exactly my point. Make BBSs as open and easily accessible as a website.

But then there is no skin in the game and anyone can come on and violate users privacy. Copy what they are saying. Monitor them without them knowing. Like when a sysop takes their net bases and puts them out on the web in NNTP and you google your handle and see all the shit you wrote on a bbs that you thought was private to the community.

|11·|03-|09─|01─╖ |15K|07í|08dd |01╓──|09·-|03· |11·
|01╙ |15W|07íck|08ed |01╙

... The dog ate my .REP packet

--- Mystic BBS v1.12 A48 (Windows/32)
* Origin: bbs.SinnersHaven.com (21:1/169)

On 17 Jan 2023, Oli said the following...

Kidd wrote (2023-01-16):

On 16 Jan 2023, Goose said the following...

whu guest accounts ? Use a website and tell about your BBS. What
users

Just go to ftelnet.ca and make a link and put it on your website o email it to people.. like this

So we need the web and man-in-the-middle websites to use a BBS?
.... and emails
.... and SMS verification
.... and 128 GB of RAM for Windows 15 and Google Chrome 451 to run Gmail properly

I don't understand what your issue is. Tell me, How would you advertise to have people know to visit your bbs, stand in the middle of the street and shout it?? Or use a middleman bbs and post it on theirs? I gave a simple example. I made a video about what a bbs was and me using mine and posted it to my social media site with a link to the web-telnet to try and get people on. Different people come up with different ways.

BTW, you must be good friends with Bill to have seen Winblows 15. and its 256 TB of ram, MINIMUM, to boot up.

|11·|03-|09─|01─╖ |15K|07í|08dd |01╓──|09·-|03· |11·
|01╙ |15W|07íck|08ed |01╙

... If a pig loses its voice, is it disgruntled?

--- Mystic BBS v1.12 A48 (Windows/32)
* Origin: bbs.SinnersHaven.com (21:1/169)

And not to beat a dead horse on this subject. But if bbs's were totally open and no logon credentials, You would have to have 1000+ nodes to account for the bots taking up nodes. And if privacy is your issue. FREE email account that is not linked to you. FAKE real name. VPN which if you were smart you would already be using. FREE SMS via TEXTr to validate a number to gain access. There, now yow can try before you buy, yo yo yo!! the pirate way of life for me!!

|11·|03-|09─|01─╖ |15K|07í|08dd |01╓──|09·-|03· |11·
|01╙ |15W|07íck|08ed |01╙

... "I am" is the shortest sentence in English. Is 'I do' the longest?

--- Mystic BBS v1.12 A48 (Windows/32)
* Origin: bbs.SinnersHaven.com (21:1/169)

There are websites with and without user accounts. Web is just another interface. And that is exactly my point. Make BBSs as open and easily accessible as a website.

I sort of wish we lived in a world in which gates and fences were not necessary at all. And yeah, I'm about to say, "but we don't live in that world," but that's not important here. It bugs me, and I'm not going to get over it, the degree to which, under a cloak of anonymity, people choose to do damage, be it spamming, or abuse, or trying to crash/destroy a system. I often wonder what the whole of the Internet would look like if all of the people who spent time causing problems instead tried to contribute or build something.

Most people seem to have accepted reality. To deal with troublemakers, we've had to spend time making spam filters, implementing captchas, multifactor authentication, and all manner of other things. There seems to be a kind of impunity with which people create havoc which has always irritated me.

The Internet is a *miracle*. To me, it is something approaching sacred. That people treat it as badly as they do frankly makes me angry and I'm not getting over it and I'm not getting past it.

Serious question for everyone: has anyone stopped being amazed, that this exists? That there is an *endless* amount of information out there to dig through, music and video to check out, websites, blogs, and so on? I have not stopped being amazed.

I take none of this for granted.

As for my BBS:

No one cares about or calls my board; it is, as you indicate elsewhere, a kind of "toy" of mine. I put it up for one reason: I got sick and tired of two trends on other boards:

1. Ask me ten billion personal questions to get an account. No. You don't need to know my gender or birthdate, or residential address, full stop. Real name I groan and live with since Fidonet insists on it, but I'd gladly do away with that too if I didn't carry Fidonet (and sometimes I wonder why I do.)

2. Ridiculously short timeouts, as if resources were limited, like you had phone lines that might stay busy, locking callers out, if people idled (and fair enough, there are still boards like that - retrosystems that can only take a single caller at a time, or people still running actual dial-up). My board lets people idle for a long time, so they can get up and get a sandwich, answer a phone call, or start a UFO cult, and then come back and continue where they left off. I idle for hours at a time, and it feels right. I do that on my various shell systems, IRC, reddit...only my banks time me out.

I actually agree that it is optimal that people should be able to check out a board before applying for an account and providing all of the personal information people ask for.

Most boards are not very unique (mine isn't, no flex here) - we routinely call out the folks who put a lot of time into their systems, and rightly so. But there are also countless unmodded out-of-the-box Synchronets out there, for example (Mystics too). They exist for valid reasons I'm sure, but I get a little irritated when I take time to apply for an account only to find out the system is an unmodded board carrying Fidonet and fsxNet, and offering nothing else. It's not that I have a problem with those boards; I just wish I knew that before I took the time to apply.

I don't think this is actually under debate here, but obviously it follows that people can do whatever they please with their own boards, and be as invasive or locked down as they like or require anything they like. I'm not saying what people ought to feel compelled to do.

It's just not optimal for me. It's user-hostile. It wastes time.

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: Shipwrecks & Shibboleths [San Francisco, CA - USA] (21:1/227)

Welllll. A) you use the email addy for a password reset

How does that work? Is there a password reset option at login?

On Renegade there is .. I coded one years ago. Just for this very reason.

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

Re: Re: hackers
By: DustCouncil to Oli on Tue Jan 17 2023 07:19 pm

accessible as a website.

I sort of wish we lived in a world in which gates and fences were not

Did you know there were 6,122 Tradewar 2002 servers out there looking for people to play? I know, just kinda relevent.

:-)

.

Mick Manning
Bad Poetry Blues (badpoet.synchro.net:2300) gopher://centralontarioremote.com:70
--- SBBSecho 3.14-Win32
* Origin: Bad Poetry Blues = badpoet.synchro.net (21:1/159)

Re: hackers
By: Oli to Exodus on Sun Jan 15 2023 03:03 pm

But what I wanted to express: why should I hand out my email address and phone number, before I can see anything of the BBS? Are you willing to do SMS verification for every website you visit? A stupid guest account is not at all useless.

I agree in this sense. Back in the days of yesteryear when BBS's required names, phone numbers and more personalizd information, being doxxed wasn't nearly the threat that it is today. With just a little bit of information you can literally determine the color of someone's front door in just a few minutes. The login sequence could be generally updated for todays standards, but will it ever be? We'd be hard pressed to see kind of update like that across boards, unless one currently active BBS software does something like that, and you never call another software board or lesser bit board again. Best bet is to just give out fake or incorrect information. I don't think our friendly local Sysops are out to destroy our lives! Not to mention it is a cakewalk to save your login information in your telnet client and just ALT your way right in. It's painless to login.

-Tap
--- SBBSecho 3.11-Win32
* Origin: -=[conchaos.synchro.net | ConstructiveChaos BBS]=- (21:4/141)

buy, yo yo yo!! the pirate way of life for me!!

·-──╖ Kídd ╓──·-· ·
╙ Wícked ╙

I believe it Yo, Ho, Ho, Its a Pirates life for me
:p

|23|04Dr|16|12Claw
|16|14Sysop |12Noverdu |14BBS |04(|14Noverdu.com|04)
|10Standard Ports for SSH/Telnet Web/HTTP://|14Noverdu.com:808
|20|15fsxNet/MRC Chat/Registered Doors!/50Nodes/No Time Use! Stay On!|16|07

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: Noverdu BBS (21:1/210)

buy, yo yo yo!! the pirate way of life for me!!

·-──╖ Kídd ╓──·-· ·
╙ Wícked ╙

I believe it Yo, Ho, Ho, Its a Pirates life for me

I'm a ghetto pirate.. :)

|11·|03-|09─|01─╖ |15K|07í|08dd |01╓──|09·-|03· |11·
|01╙ |15W|07íck|08ed |01╙

... Computers all wait at the same speed!

--- Mystic BBS v1.12 A48 (Windows/32)
* Origin: bbs.SinnersHaven.com (21:1/169)

Put your board on a non-standard port number, that tends to cut the bots way down. Also, when you catch them be sure to add their IP to an IP Black List.

--- Mystic BBS v1.12 A47 2021/09/29 (Windows/64)
* Origin: Legends of Yesteryear (furmenservices.net:23322) (21:4/102)

On 17 Jan 2023 at 10:39a, Kidd Wicked pondered and said...

And not to beat a dead horse on this subject. But if bbs's were
totally open and no logon credentials, You would have to have 1000+
nodes to account for the bots taking up nodes.

No one cares about BBSes. Seriously. Statistically speaking,
the total number of BBS users is in the noise around 0% globally.

BBSes are basically useless for botnets or whatever; most bots
mindlessly try to run a few commands and automatically disconnect
if they don't work. Listen on a nonstandard port if the noise
bothers you, but the idea that bots are going to suck up BBS
capacity is unsupported by evidence.

For that matter, node limits and timeouts are an anachronism.
I suspect they survive in the "modern" BBS era simply because
that's how things have always been done.

And if privacy is your
issue. FREE email account that is not linked to you. FAKE real name. VPN which if you were smart you would already be using. FREE SMS via TEXTr
to validate a number to gain access. There, now yow can try before you buy, yo yo yo!! the pirate way of life for me!!

Harder to link to you, perhaps, but that's different than "not."

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

For that matter, node limits and timeouts are an anachronism.
I suspect they survive in the "modern" BBS era simply because
that's how things have always been done.

that and multinode doors would be interesting to set up without a concept
of nodes. (i'm thinking of the ones that require config files for each
node)

andrew

--- Talisman v0.46-dev (Windows/x64)
* Origin: Smuggler's Cove - Private BBS (21:1/182)

On 20 Jan 2023 at 07:36a, apam pondered and said...

For that matter, node limits and timeouts are an anachronism.
I suspect they survive in the "modern" BBS era simply because
that's how things have always been done.

that and multinode doors would be interesting to set up without a concept of nodes. (i'm thinking of the ones that require config files for each node)

I think it's ok to have a concept of a "node", it's just
the artificially low limits on them that I balk at in 2023.
A Raspberry Pi is absurdly more powerful than what people
were running multinode BBSes on back in the 90s, so why do
we limit the systems the way we did back then?

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

For that matter, node limits and timeouts are an anachronism.
I suspect they survive in the "modern" BBS era simply because
that's how things have always been done.

Timeout on my board is 3 minutes ... has been since 1993. Why would I want someone to just tie up one of my 4 telnet nodes just sitting there all day. Are all 4 nodes going to be filled at one time in 2023, probably not. But still, I don't want to come home to see some fool that has respect for other people's stuff to just "sit there and leave". If that was the case, there would be no /G goodbye cmds.

Not like it's hard to telnet back in within seconds and get back on. Not like you'll have to wait for a modem to negoiate or get a busy signal anymore.

I just don't understand people. You're not only wasting MY resources by idling there, but also yours. Granted it's a tiny amount, but still a waste on resources and bandwidth.

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

I think it's ok to have a concept of a "node", it's just
the artificially low limits on them that I balk at in 2023.
A Raspberry Pi is absurdly more powerful than what people
were running multinode BBSes on back in the 90s, so why do

When you have 400+ door games, and it takes a million config files to setup doors for each node because each node has to have a drop file, there's one example. Secondly ... After you get 4 or 5 people on one time ... things start to chug along.

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

On 19 Jan 2023 at 09:11p, Exodus pondered and said...

For that matter, node limits and timeouts are an anachronism.
I suspect they survive in the "modern" BBS era simply because
that's how things have always been done.

Timeout on my board is 3 minutes ... has been since 1993. Why would I want someone to just tie up one of my 4 telnet nodes just sitting there all day. Are all 4 nodes going to be filled at one time in 2023, probably not. But still, I don't want to come home to see some fool
that has respect for other people's stuff to just "sit there and
leave". If that was the case, there would be no /G goodbye cmds.

What kind of computer do you run your BBS on? Why not 40,
or 400 nodes? Why have a baked-in limit at all?

Not like it's hard to telnet back in within seconds and get back on.
Not like you'll have to wait for a modem to negoiate or get a busy
signal anymore.

I dunno. Someone might be in the middle of typing a
message, get up to use the restroom, make a quick snack,
and find themselves disconnected with a timeout that
short. Since most BBS packages suck at saving drafts,
they'd have to start over. Or more likely just not
bother.

I just don't understand people. You're not only wasting MY resources by idling there, but also yours. Granted it's a tiny amount, but still a waste on resources and bandwidth.

This is what I'm talking about.

What bandwidth do you think an established but
otherwise idle TCP connection consumes? Compare
that to the resources used in tearing-down and
re-establishing a TCP connection. (Hint: an
"idle" TCP connection, aside from _maybe_ the
occasional TCP keepalive, IF you turned that on,
uses no bandwidth. The threeway handshake to set
one up and the _four_ packets to tear it down do.
All of that is independent of the option negotiation
that the TELNET protocol does, not to mention the
bandwidth of actually logging in, etc.)

It is, of course, your prerogative how you use
your own resources. But if you care so much
about those tiny amounts, it begs the question:
why run a BBS in the first place?

--- Mystic BBS v1.12 A48 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

On 19 Jan 2023 at 09:13p, Exodus pondered and said...

I think it's ok to have a concept of a "node", it's just
the artificially low limits on them that I balk at in 2023.
A Raspberry Pi is absurdly more powerful than what people
were running multinode BBSes on back in the 90s, so why do

When you have 400+ door games, and it takes a million config files to setup doors for each node because each node has to have a drop file, there's one example.

If only there were a way to automate the generation of
largely templatized text files. If only a small computer
like a Raspberry Pi, that runs effectively a version of
Unix, came with software that could do that trivially....

Secondly ... After you get 4 or 5 people on one
time ... things start to chug along.

I don't believe you.

--- Mystic BBS v1.12 A48 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

Yeah, an ANSI restriction may limit SOME bots. However, even many regular linux terms wil return they can render ANSI to that check.

Limiting my BBS to ANSI-only has reduced the number of people trying to break in by about 90%. The bots get stuck because you are forced to type either a 1 or a 0 and they can't figure it out, and the humans are too lazy to pick one.

... A program is used to turn data into error messages.

--- Mystic BBS v1.12 A47 2021/12/25 (Windows/64)
* Origin: The Unmarked Van (21:1/130)

I don't ask for anything except a handle and a password.

... Top secret! Burn before reading!

--- Mystic BBS v1.12 A47 2021/12/25 (Windows/64)
* Origin: The Unmarked Van (21:1/130)

Hello Alonzo,

Yeah, an ANSI restriction may limit SOME bots. However, even many
regular linux terms wil return they can render ANSI to that check.

Limiting my BBS to ANSI-only has reduced the number of people trying to break in by about 90%. The bots get stuck because you are forced to type either a 1 or a 0 and they can't figure it out, and the humans are too
lazy to pick one.

... A program is used to turn data into error messages.

--- Mystic BBS v1.12 A47 2021/12/25 (Windows/64)
* Origin: The Unmarked Van (21:1/130)

Why you got so many people who want hack into a bbs ? It make no sense to me ?!


GOM
--- WinPoint 411.0
* Origin: Gom @ 21:1/177.5 (21:1/177.5)

Alonzo wrote to MaNDaRaX <=-

Limiting my BBS to ANSI-only has reduced the number of people trying to break in by about 90%. The bots get stuck because you are forced to
type either a 1 or a 0 and they can't figure it out, and the humans are too lazy to pick one.

That's a great idea.



... Contact is inevitable, leading to information bleed.
--- MultiMail/Win v0.52
* Origin: realitycheckBBS.org -- information is power. (21:4/122)

GOM wrote to Alonzo <=-

Why you got so many people who want hack into a bbs ? It make no sense
to me ?!

They're looking for exploitable routers and IOT devices, most likely.



... Contact is inevitable, leading to information bleed.
--- MultiMail/Win v0.52
* Origin: realitycheckBBS.org -- information is power. (21:4/122)

//Hello poindexter,//

on *27.01.23* at *14:20:00* You wrote in area *FSX_BBS*
to *GOM* about *"Re: hackers"*.

GOM wrote to Alonzo <=-

Why you got so many people who want hack into a bbs ? It make no sense
to me ?!

They're looking for exploitable routers and IOT devices, most likely.

... Contact is inevitable, leading to information bleed.
--- MultiMail/Win v0.52
* Origin: realitycheckBBS.org -- information is power. (21:4/122)

Ok, thst make more sense to me :)

Thanks


Regards,
GOM
--- WinPoint 411.0
* Origin: Gom's Point (21:1/177.5)

Why you got so many people who want hack into a bbs ? It make no sense

They don't know what they are trying to hack. Most of them are bots.

... Confucius say: "Man who runs behind car gets exhausted"

--- Mystic BBS v1.12 A47 2021/12/25 (Windows/64)
* Origin: The Unmarked Van (21:1/130)

On 07 Jan 23 15:15:51, Alonzo wrote:

change the port from 23 to some other port number.

Good idea. I will give that a try.

... Thats not a bug its an undocumented feature

--- Mystic BBS v1.12 A47 2021/12/25 (Windows/64)
* Origin: The Unmarked Van (21:1/130)

I run on port 6023. Get very little of it.
-Nugax (cbbs)


--- CyberBBS v1.0.10 2023/03/08 [Debian Linux/x64]
* Origin: CyberBBS WHQ BBS | http://www.cyberbbs.co (21:1/167)

On 16 Jan 23 12:54:36, sPINOZa wrote:

Yeah I am thinking about limiting access to ANSI-only. I am getting so sick of these bots and clueless people. Its really taking the fun out
of it.

ANSI only wont help entering A = A for a user in either ASCII or ANSI mode. S>I wonder if those clueless people are people. Looks more like BOTS to me. S>Change to a port higher than ..... 2000 - check the TCP and UDP port numbers list on wpedia for reserved ports.

GTx!
sPI!

--- Mystic BBS v1.12 A48 (Linux/64)
* Origin: -.sNd!gRDn.- a box full of Snd&Demo Related filez! (21:1/116)

I drop all Non-ANSI clients with CyberBBS. Its almost always 99.9% bots, not anyone with a dumb terminal or whatever. You won't regret it.
-Nugax (cbbs)


--- CyberBBS v1.0.10 2023/03/08 [Debian Linux/x64]
* Origin: CyberBBS WHQ BBS | http://www.cyberbbs.co (21:1/167)

Thanks for the update. I really appreciate the efforts you have made for this blog.
https://ukmenuprice.today/tim-hortons-birmingham-menu-prices/
--- SBBSecho 3.20-Linux
* Origin: Digital Distortion: digdist.synchro.net (21:1/137)

I haven't thought of actually blocking countries at the router. I've been letting Mystic take care of that. But if it gets worse, I'll try that. Thanks.

No sweat.. :)

Al
--- Platinum Xpress/Win/WINServer v7.0
* Origin: The Hobby Line! BBS - hobbylinebbs.com (21:4/176)